COMMENTS

Kudos!

Re: took "a substantial commitment of time and resources."

Gutsy move. It is devilishly difficult in practice to bake in security like this. Even if there are significant flaws, this is still really good news. As long as we establish the principle that security has this stature, we will eventually get there.

Man in the middle?

Ignoring the 'forward secrecy/ratchet' blog entry, because ephemeral keys don't work if the whole conversation is tapped, any listener also has the key change messages no matter how many you put into the stream.

How is the initial key exchange not subject to a simple man-in-the-middle attack?

It looks from the link below as if you're sending a public key each time. So that could easily be swapped. An NSA interested in your anti-Obama rant to your Congressman, simply routes the conversation through their software and swaps the public key for theirs.

https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2

The NSA owns the telcos, they would simply add a key swap into the SMS software of the telcos and would have the first key exchange from day one.

Assuming the infrastructure isn't trustable (with telco legal immunity, it makes no difference what the law says, the telcos obey the NSA not the laws, hence US telco infrastructure is 100% untrustable), then you can't do a public key exchange across that network.

Re: Man in the middle?

But the public keys don't have to be exchanged over SMSes. Right? So if exchanged in an encrypted secure file in an email with the password of the attachment spoken over the phone or depending on how critical the conversation is, exchanged using sneaker-net, wouldn't that work? I know the link talks about exchanging the public keys using SMS. But I'd imagine that you would be able to substitute public keys of certain folks manually. Or at least shouldn't be difficult to implement.

Re: y bother?

Theatre?

So I want to text Joe. First our devices need to attempt to determine which exact version of the OS each runs, over an open data channel. Captured by everybody from our mobile providers (warranty voided) to NSA (no-fly/extra security search/finer grained PRISM lists updated). Then, if the devices manage to negotiate capabilities, they need to exchange keys somehow, without worrying over MITM (eh? see the above). Only then encrypted messages can be exchanged.

Am I missing anything in this picture or is it as much a security theatre as any modern airport?

Nothing to hide

Re: Nothing to hide

Or, hopefully, it may be someone sending personal data, and the sender is aware of their obligations under the Data Protection Act, It could for example be a GP responding to a request from a colleague for some information from notes on a patient and secure email is for some reason not available. The practice might irritate the authorities but actually it's just ordinary people/businesses trying to obey the law and it shouldn't upset them once this is pointed out. There's nothing to stop the authorities coming with a warrant and asking for the plain text if they've got a justifiable concern.

I handle some personal data and I'd present plain text in reply to a warrant to show that any concerns are groundless (at least as far as I know) and they can hopefully then quickly move on to something else needing their time and attention. (That's meant to be public spirited, not sarcastic)

Isn't CM11 the main nightly platform now?

It seems a bit strange to put this in CM 10.2 nightlies first, when CM 11 nightlies are out for many devices now. In fact, the link to the CyanogenMod download page in the article lists a *ton* of CM 11 nightly downloads and far fewer CM 10.2 nightlies!

Mind you, it would be nice if the CM team put back a lot of the CM 10.2 config options they seem to have dropped in CM 11 first before worrying about SMS encryption. I can't get rid of the pointless Google Search bar from my home screen in CM11, the home screen itself is barely customisible now, plus the separate percentage+icon battery indicator has gone from the status bar (replaced by a horrible tiny percentage encircled, which doesn't show any figure at all when it's at 100%!).